? dashboard-access-716302-10.patch
? dashboard.patch
? sites/default/files
? sites/default/private
? sites/default/settings.php
Index: modules/dashboard/dashboard.info
===================================================================
RCS file: /cvs/drupal/drupal/modules/dashboard/dashboard.info,v
retrieving revision 1.3
diff -u -p -r1.3 dashboard.info
--- modules/dashboard/dashboard.info	26 Nov 2009 06:59:07 -0000	1.3
+++ modules/dashboard/dashboard.info	22 Apr 2010 21:42:19 -0000
@@ -6,4 +6,5 @@ package = Core
 version = VERSION
 files[] = dashboard.module
 dependencies[] = block
+files[] = dashboard.test
 configure = admin/dashboard/customize
Index: modules/dashboard/dashboard.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/dashboard/dashboard.module,v
retrieving revision 1.27
diff -u -p -r1.27 dashboard.module
--- modules/dashboard/dashboard.module	22 Apr 2010 09:12:35 -0000	1.27
+++ modules/dashboard/dashboard.module	22 Apr 2010 21:42:19 -0000
@@ -232,7 +232,7 @@ function dashboard_is_visible() {
   static $is_visible;
   if (!isset($is_visible)) {
     $menu_item = menu_get_item();
-    $is_visible = isset($menu_item['page_callback']) && $menu_item['page_callback'] == 'dashboard_admin';
+    $is_visible = isset($menu_item['page_callback']) && $menu_item['page_callback'] == 'dashboard_admin' && !empty($menu_item['access']);
   }
   return $is_visible;
 }
Index: modules/dashboard/dashboard.test
===================================================================
RCS file: modules/dashboard/dashboard.test
diff -N modules/dashboard/dashboard.test
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ modules/dashboard/dashboard.test	22 Apr 2010 21:42:19 -0000
@@ -0,0 +1,56 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * Tests for the dashboard module
+ */
+
+class DashboardTestCase extends DrupalWebTestCase {
+  
+  public static function getInfo() {
+    return array(
+      'name' => 'Dashboard functionality',
+      'description' => 'Test access control to dashboard',
+      'group' => 'Dashboard',
+    );
+  }
+
+  function setUp() {
+    parent::setUp();
+
+    // Create and log in an administrative user having access to the dashboard.
+    $admin_user = $this->drupalCreateUser(array('access administration pages', 'administer blocks'));
+    $this->drupalLogin($admin_user);
+    
+    theme_enable(array('stark'));
+    variable_set('theme_default', 'stark');
+    variable_set('admin_theme', 'stark');
+  }
+
+  /**
+   * Test adding a block to the dashboard and checking access to it.
+   */
+  function testDashboardAccess() {
+
+    // Add a new custom block to a dashboard region.
+    $custom_block = array();
+    $custom_block['info'] = $this->randomName(8);
+    $custom_block['title'] = $this->randomName(8);
+    $custom_block['body[value]'] = $this->randomName(32);
+    $custom_block['regions[stark]'] = 'dashboard_main';
+    $this->drupalPost('admin/structure/block/add', $custom_block, t('Save block'));
+
+    // Ensure admin access.
+    $this->drupalGet('admin');
+    $this->assertNoText(t('Access denied'), t('Admin has access to the dashboard.'));
+    $this->assertRaw($custom_block['title'], t('Admin has access to a dasboard block.'));
+
+    // Ensure non-admin access is denied.
+    $normal_user = $this->drupalCreateUser();
+    $this->drupalLogin($normal_user);
+    $this->drupalGet('admin');
+    $this->assertText(t('Access denied'), t('Non-admin has no access to the dashboard.'));
+    $this->assertNoText($custom_block['title'], t('Non-admin has no access to a dasboard block.'));
+  }
+}